Airtel has admitted to a security flaw in its mobile app that could have put the data of over 300 million users at risk. The company says it has now fixed the issue.
The vulnerability was associated with the Airtel app’s API (application programming interface) and could have been exploited by malicious parties to access the personal data of users by just using their mobile number.
The security flaw in the Airtel app could provide access to information such as users’ names, email addresses, birthdays, and residential addresses, along with the IMEI number of the device on which the app was installed.
The company has said that the flaw was fixed once it was brought to the telco’s attention. It was discovered by Bengaluru-based security researcher Ehraz Ahmed. He has also published a case study and a proof of concept video.
As mentioned, the API in question was used in Airtel’s mobile application to fetch user information. The vulnerability, thus, didn’t impact users through Airtel’s website. Ehraz Ahmed also says that it was one of the biggest findings in India so far — crossing 325 million affected users.
In a statement to the BBC, an Airtel spokesperson said: “There was a technical issue in one of our testing APIs, which was addressed as soon as it was brought to our notice.”
The company is yet to reveal if there was an actual breach and whether the data of all customers was secure. Airtel is currently India’s third-largest telecom operator, behind Vodafone Idea and Jio.